Users can access web-based applications (web applications or applications) hosted on one or more servers. In some examples, a user can access web applications through a browser, which displays web pages associated with the web application. In some applications, interaction between the user and the application is intended to be secure, in that an identity of the user must be authenticated by the application before the user is able to access secure or confidential data through the application and/or perform privileged actions.
Traditional password-based authentication schemes are susceptible to various forms of attack by malicious users. Although countermeasures have been developed, the countermeasures have varying degrees of effectiveness and, in some cases, multiple countermeasures are implemented at various layers in an effort to obviate multiple attack trajectories.